ramnit | 0b3a8131452794a52d7033c561eefb41790c9d8291bb78e24e55b8da602dfb14 | Triage

Sharing

General

Target

JaffaCakes118_64c8ecdf027aa62c8f74edd2b564dc40
Size

620KB
Sample

250102-nph3maznbx
MD5

64c8ecdf027aa62c8f74edd2b564dc40
SHA1

bd458c1af078fe9d67fd8c64ae1cea9867162840
SHA256

0b3a8131452794a52d7033c561eefb41790c9d8291bb78e24e55b8da602dfb14
SHA512

e78a72dfaae216b9bdcd2230484886b0cbfc110a3bcf72cf9fd015d31b8b9f7ddd7d5a3f67772cd64c73cdfffc35aaed6e1f86e7bed30ee5cd84867344a25b02
SSDEEP

6144:CnvZGMur3C7eDqNj7cxPAj/IrJwIBepCP0YYl8iXCb6N/IAldyzrVprPphSYXI:kU1iIBdcYy1fldyn3P7I

Score

10^/10

ramnit banker discovery evasion spyware stealer trojan upx worm

Malware Config

Targets

- Target
  
  JaffaCakes118_64c8ecdf027aa62c8f74edd2b564dc40
- Size
  
  620KB
- MD5
  
  64c8ecdf027aa62c8f74edd2b564dc40
- SHA1
  
  bd458c1af078fe9d67fd8c64ae1cea9867162840
- SHA256
  
  0b3a8131452794a52d7033c561eefb41790c9d8291bb78e24e55b8da602dfb14
- SHA512
  
  e78a72dfaae216b9bdcd2230484886b0cbfc110a3bcf72cf9fd015d31b8b9f7ddd7d5a3f67772cd64c73cdfffc35aaed6e1f86e7bed30ee5cd84867344a25b02
- SSDEEP
  
  6144:CnvZGMur3C7eDqNj7cxPAj/IrJwIBepCP0YYl8iXCb6N/IAldyzrVprPphSYXI:kU1iIBdcYy1fldyn3P7I
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm evasion
- Modifies firewall policy service
  evasion
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryevasionspywarestealertrojanupxworm